CloudFlare Security Breach
This article goes in depth about how CloudFlare was breached on June 1, 2012. CloudFlare is a service that "makes websites better." According to Wikipedia, CloudFlare is a content delivery network and domain name service aimed at enhancing a website's security and performance. CloudFlare gained media attention for providing security to LulzSec's website. On June 1 CloudFlare was hacked through a combination of social engineering and weak internal controls. According to CloudFlare, the attacker first used social engineering against the CEO's phone carrier to redirect the CEO's voicemail to a fraudulent voicemail box under the attacker's control. The attacker then started Google's account-recovery process for the CEO's Gmail account; that process phoned the CEO's number and read out a verification PIN. Because the CEO did not pick up, the call was routed to the fraudulent voicemail box, which delivered the PIN to the attacker. With the PIN the attacker reset the CEO's Gmail password and gained access to his mailbox. The internal flaw that let the attacker reach a customer's information was that whenever a CloudFlare customer reset their password, the whole executive team received an e-mail containing the new credentials. A customer happened to reset their credentials during this window, so the attacker, reading the CEO's mail, obtained them and could act as that customer. According to the article, the whole chain took less than two hours to complete.
The company took actions to close these holes in its security. It reached out to Google about the flaw in the account-recovery path of Google's two-factor authentication system; Google acknowledged the issue and fixed it. The company reportedly performed an IT security audit at the end of the ordeal. Ideally that audit produced procedures that restrict which administrators can see customer password-reset information, and removed the credentials from those e-mails altogether. Sending sensitive information to administrators who most likely do not need it only creates more targets for an attacker to exploit. The social engineering part of the attack could have been avoided if the CEO had simply answered his phone instead of letting the call go to voicemail, but beyond that there was not much CloudFlare itself could have done to prevent it. The social engineering fooled AT&T and Google, so, as the article says, it is up to them to fix their processes. This article shows that even IT security companies are just as susceptible to being hacked as everyone else.
-Jacob Booth
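To make the internal-control point concrete, the weak reset-notification pattern the article describes is shown below next to a hardened form. This is an added illustration, not CloudFlare's code or anything from the article: the in-memory outbox, the admin address list, the example.com reset URL, the account records and the 15-minute token lifetime are all assumptions made for the demonstration.

```python
"""Password-reset notification: the weak pattern beside a hardened one.

Added example.  The admin list, in-memory outbox, sample account and the
example.com URL are constructed for illustration only (assumptions).
"""
import hashlib
import hmac
import secrets
import time

ADMIN_LIST = ["ceo@example.com", "cto@example.com"]  # assumed admin BCC list
TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumption)


# --- weak pattern: the new credential is e-mailed to every administrator ----
def weak_reset(accounts: dict, outbox: list, username: str) -> str:
    """Set a fresh temporary password and BCC the whole admin team on the
    e-mail that carries it.  Anyone who can read any admin mailbox (for
    example after a Gmail account takeover) can now log in as the customer."""
    temp_password = secrets.token_urlsafe(12)
    accounts[username]["password"] = temp_password
    body = f"Your new password is: {temp_password}"
    outbox.append({"to": accounts[username]["email"], "body": body})
    for admin in ADMIN_LIST:
        outbox.append({"to": admin, "body": body})  # the BCC that leaks the secret
    return temp_password


# --- hardened pattern: single-use token, hash stored, admins get metadata ----
def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def hardened_request_reset(accounts: dict, outbox: list, username: str, now=None) -> str:
    """Issue a random single-use, short-lived token.  Only its hash is stored,
    the token goes only to the account holder's verified address, and the
    administrators receive an audit notification that carries no secret."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    accounts[username]["reset"] = {"hash": _hash_token(token), "expires": now + TOKEN_TTL}
    outbox.append({"to": accounts[username]["email"],
                   "body": f"Reset link: https://example.com/reset?token={token}"})
    for admin in ADMIN_LIST:
        outbox.append({"to": admin,
                       "body": f"Audit: password reset requested for '{username}' at {int(now)}"})
    return token


def hardened_complete_reset(accounts: dict, username: str, token: str,
                            new_password: str, now=None) -> bool:
    """Consume the token.  Returns False if none is pending, it has expired,
    or it does not match; a successful use deletes it so it cannot be replayed."""
    now = time.time() if now is None else now
    pending = accounts[username].get("reset")
    if pending is None or now > pending["expires"]:
        accounts[username].pop("reset", None)  # drop stale state
        return False
    if not hmac.compare_digest(pending["hash"], _hash_token(token)):
        return False
    accounts[username]["password"] = new_password
    del accounts[username]["reset"]
    return True


def admin_mail_leaks(outbox: list, secret: str) -> bool:
    """True if any message addressed to an administrator contains the secret."""
    return any(secret in m["body"] for m in outbox if m["to"] in ADMIN_LIST)


def demo() -> dict:
    """Run both flows against one constructed account and report what leaked."""
    accounts = {"customer1": {"email": "customer1@example.org", "password": "old"}}
    weak_out, strong_out = [], []
    pw = weak_reset(accounts, weak_out, "customer1")
    tok = hardened_request_reset(accounts, strong_out, "customer1", now=1000.0)
    return {
        "weak_leaks": admin_mail_leaks(weak_out, pw),          # True
        "hardened_leaks": admin_mail_leaks(strong_out, tok),   # False
        "first_use": hardened_complete_reset(accounts, "customer1", tok, "n3w", now=1100.0),
        "replay": hardened_complete_reset(accounts, "customer1", tok, "n3w2", now=1200.0),
    }


if __name__ == "__main__":
    print(demo())
```

In the hardened flow a compromised administrator mailbox yields only the fact that a reset happened, not anything usable to log in, and a stolen token is useless after one use or after the lifetime elapses.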
Aerospace Cyber Attack: Eurozone Targeted By Internet Spies
This article only scratches the surface of a recent attack on the aerospace industry in England by a group of hackers. It raises the possibility that the attack was state sponsored, meaning it came from a single country or a coalition of countries. The attack used what is known as a "zero-day" exploit. As we learned in class, a zero-day attack exploits a vulnerability before the vendor has discovered or patched it. The vulnerability in this case was a hole in Microsoft's Windows operating system. Google noticed the attack first earlier in the week and brought it to Microsoft's attention, but by then it was too late: the attackers had already planted malware on the aerospace company's website, which was used to take control of the computers of people visiting that site (what is commonly called a watering-hole attack). The investigation appears to be ongoing. The industry claims the attack was used to conduct cyber-espionage, which is why it labeled the attack as state sponsored.
When someone exploits a zero-day vulnerability there is little the victim company could have done, because you usually cannot protect against a flaw that neither you nor the programmers know exists. In this case, neither the company nor Microsoft knew about the hole until it had been exploited. A company can invest heavily in preventive controls and in hunting for flawed components, but such flaws are usually found only after someone exploits them.
-Jacob Booth
47/50 - missed points because while zero-day attacks are difficult to prevent, since patches aren't available, the hacker still needs to gain access to your network so other controls could possibly prevent the attack, such as firewalls, proper authentication, etc.